Feature #5007
CertificateBundle fetcher
Status: open, 0% done
Description
Implement CertificateBundle fetcher API, as specified in #2766-30.
This issue includes these types:
CertBundleFetcher
      
      Updated by Junxiao Shi about 6 years ago
      
    
    - Blocked by Feature #5004: CertificateBundle encoding and decoding added
 
      
      Updated by Alex Afanasyev over 5 years ago
      
    
    - Tags changed from CertificateBundle to CertificateBundle, security
 
      
      Updated by Jeremy Clark over 5 years ago
      
    
    Could you give an example of how an application would call the CertificateBundleFetcher?
Specifically, I don't understand this:
Upon receiving a certificate request, this fetcher retrieves a certificate bundle registered by
addBundle() if matched, or deriveCertBundleName(certName) otherwise.
What does it mean for it to receive a certificate request?
This fetcher hooks onto the segment in-order arrival signal and passes the segment to an internal
CertBundleDecoder, and inserts decoded certificates into the CertificateStorage.
For this part, does it just insert the certificates into the unverified cache?
      
      Updated by Jeremy Clark over 5 years ago
      
    
    Am I correct in my understanding that the CertificateBundleFetcher uses the SegmentFetcher internally to fetch the bundle? If so, how does the application pass a reference to the validator?
      
      Updated by Alex Afanasyev over 5 years ago
      
    
    You may be misunderstanding this issue or I didn't correctly understand your question. CertBundleFetcher would be similar to CertificateFetcherFromNetwork, just instead of fetching a single cert, it would try to fetch the bundle. But overall, it would use the same interface.
      
      Updated by Jeremy Clark over 5 years ago
      
    
    Per the design posted here: (https://redmine.named-data.net/issues/2766#note-30)
Retrieval of a single certificate bundle should be handled by
SegmentFetcher.
This fetcher hooks onto the segment in-order arrival signal and passes the segment to an internal
CertBundleDecoder, and inserts decoded certificates into the CertificateStorage.
This is the reason I've written the Segmenter and added in-order mode to the SegmentFetcher. Since a cert bundle may be made up of multiple segments, the SegmentFetcher is used here. My question is whether the SegmentFetcher exists internally and the API design is missing where the calling application can pass a reference to the Validator, or if it exists as I think it does and I'm just missing something about how it's constructed, or if I'm completely misunderstanding and the CertBundleFetcher does not use the SegmentFetcher internally.
      
      Updated by Alex Afanasyev over 5 years ago
      
    
    The fetcher instance should be created and stored inside the ValidationState instance (the one you get as a parameter inside the CertificateFetcher interface).  ValidationState supports TagHost interface.  
Actually, we already have CertificateBundleFetcher that uses BundleNameTag. If you need to preserve the instance of the fetcher, you either rename the tag and store both (name + fetcher) or create a new tag  (I prefer having a single tag).
      
      Updated by Jeremy Clark over 5 years ago
      
    
    I see where I was misunderstanding before. But I'm still unsure how to create a SegmentFetcher instance inside the ValidationState instance without some access to a Validator reference necessary for the SegmentFetcher constructor.
      
      Updated by Alex Afanasyev over 5 years ago
      
    
    Ehm. This is not the place to do the validation, the job here is simply to fetch stuff. The certificate will be validated by the higher-level logic.
      
      Updated by Jeremy Clark over 5 years ago
      
    
    What do you suggest I do about the validator requirement for the SegmentFetcher? https://github.com/named-data/ndn-cxx/blob/09236c2b8d6d39218d22cdd5dd8d9bf9e5a1f352/ndn-cxx/util/segment-fetcher.hpp#L161
      
      Updated by Alex Afanasyev over 5 years ago
      
    
    Use ValidatorNull, though yes, you still need to create and keep an instance of it in the tag.
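
A self-contained model of the fetch path discussed in this thread, added here as an illustration and not taken from ndn-cxx or from any participant: segments arrive in order, an incremental decoder buffers records that straddle segment boundaries, and decoded certificates go into a store that nothing treats as validated. `Cert`, `UnverifiedCache`, `BundleDecoder`, `feedSample` and the length-prefixed framing are assumptions; the real encoding belongs to #5004 and is not shown on this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins, not ndn-cxx types. Assumed record framing (not the
// #5004 encoding): 1-byte name length, name, 1-byte body length, body.
struct Cert { std::string name, body; };
struct UnverifiedCache { std::map<std::string, Cert> certs; };  // nothing here is validated

class BundleDecoder {
public:
  explicit BundleDecoder(UnverifiedCache& cache) : m_cache(cache) {}
  // Call once per segment, strictly in order. Returns certificates completed.
  size_t onInOrderSegment(const std::vector<uint8_t>& seg) {
    m_buf.insert(m_buf.end(), seg.begin(), seg.end());
    size_t pos = 0, done = 0;
    while (pos < m_buf.size()) {
      size_t avail = m_buf.size() - pos, nameLen = m_buf[pos];
      if (avail < nameLen + 2) break;   // body length byte has not arrived yet
      size_t total = nameLen + 2 + m_buf[pos + 1 + nameLen];
      if (avail < total) break;         // record continues in a later segment
      auto p = m_buf.begin() + pos;
      Cert c{std::string(p + 1, p + 1 + nameLen), std::string(p + 2 + nameLen, p + total)};
      m_cache.certs[c.name] = c;        // stored only; no signature is checked here
      pos += total;
      ++done;
    }
    m_buf.erase(m_buf.begin(), m_buf.begin() + pos);  // keep only the partial tail
    return done;
  }
private:
  UnverifiedCache& m_cache;
  std::vector<uint8_t> m_buf;
};

// Constructed sample: two records (octal length prefixes) cut into segments.
std::vector<size_t> feedSample(UnverifiedCache& cache, size_t segSize) {
  const std::string bundle = "\013/site/KEY/1\004leaf\006/KEY/2\015anchor-signed";
  BundleDecoder dec(cache);
  std::vector<size_t> perSegment;
  for (size_t off = 0; off < bundle.size(); off += segSize) {
    std::string seg = bundle.substr(off, segSize);  // substr clamps at the end
    perSegment.push_back(dec.onInOrderSegment(std::vector<uint8_t>(seg.begin(), seg.end())));
  }
  return perSegment;
}
```

With 16-byte segments the first record completes only when the second segment arrives, which is why the decoder depends on in-order delivery.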
      
      Updated by Davide Pesavento over 4 years ago
      
    
    - Target version changed from 0.8.0 to 0.9.0
 
      
      Updated by Davide Pesavento almost 2 years ago
      
    
    - Tags changed from security, CertificateBundle to CertificateBundle
    - Assignee deleted (Jeremy Clark)
    - Target version deleted (0.9.0)
      
      Updated by Davide Pesavento almost 2 years ago
      
    
    - Blocks Task #3950: Use CertificateBundleFetcher instead of DirectFetcher added